[jboss-user] [Beginners Corner] - Tomcat fails to send WWW-Authenticate header when custom 401

wiwwy do-not-reply at jboss.com
Mon Mar 16 22:29:07 EDT 2009


I'm running jboss-3.2.7 and need to use a custom 401 error page with my servlets.  But by doing so, I don't get a dialog box asking me to authenticate and it immediately errors out and displays the custom 401 page.  If I comment out the following from my web.xml,

<error-page>
  | 	<error-code>401</error-code>
  | 	<location>/unauth.jsp</location>
  | </error-page>

then I properly get the dialog box prompting me to log in, but the default Tomcat/5.0.30 error page is used.   After doing some cURL tests, I noticed that when I use a custom 401 error page, I lose the WWW-Authentication header that is passed via:

resp.setHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
  | resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);

Searching the Internet shows that this could be a bug in many versions of Tomcat.  Is there a fix or work-around for this bug?


View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4218467#4218467

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4218467



More information about the jboss-user mailing list